IN-PERSON

San Francisco CISO Executive Summit

May 10, 2022 | San Francisco Marriott Marquis

May 10, 2022
San Francisco Marriott Marquis

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi

ICE Mortgage Technology
CISO

Krishnan Chellakarai

Gilead Sciences
Head of Information Security & Data Privacy (CISO)

Cassie Crossley

Schneider Electric
VP, Deputy Product Security Officer

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Jeff Trudeau

Chime
CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

May 9, 2022

afternoon

May 10, 2022

morning mid-afternoon afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Private Dinner

Roger Hale

Chief Security Officer

Agora

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking.

7:30am - 8:15am Registration & Breakfast

8:15am - 9:00am Keynote

The ROI of Creativity

Noah Scalin

Artist, Innovation Consultant

Guest Speaker

Lucia Milica

Global Resident CISO

Proofpoint

Creativity is essential to thriving in this era of rapid innovation and change. But few organizations have truly invested in developing this necessary skill. Why? Because creativity is considered too intangible to measure, too messy to fit into a strategic plan or simply something that is only for a few specially talented people.

In this interactive session, artist and author Noah Scalin pulls back the curtain on his own creative practice to help security leaders learn:

Why creativity is necessary to foster sustainable innovation in work and life
How to strategically use creativity for long-term impact
Simple strategies that anyone can use right away to innovate, grow and inspire others

9:00am - 9:30am Networking Break

9:30am - 10:15am Breakout Session

Finding and Training the Next Generation of Security Talent

Phillip Cantu

CISO

Kannan Perumal

Managing Director & Chief Information Security Officer

Applied Materials

Somewhere out there, in the crowded talent market, the next generation of security leaders is maturing. But how can CISOs train tomorrow’s security executives when today’s well-known security talent shortage makes it difficult to fill even the most basic roles? Retaining cyber professionals isn’t just a matter of offering the biggest paycheck — it requires getting creative with cross-training, hands-on experience and developing collaborative solutions with fellow CISOs. Join this discussion to explore strategies for identifying and developing the next generation — including your own replacement.

9:30am - 10:15am Breakout Session

Cybersecurity Strategy — Getting Ready for the Next Event

Bhanu Prakash

Director, Systems Engineering

Fortinet

Your digital transformation journey must be efficient, effective and secure. Where does cybersecurity fit into your post pandemic IT and digital enablement? With the recent shift in IT priorities, your CISO should be a strategic thinker and an ally who promotes security readiness as you shape your company or organization’s success.

In this session hosted by Fortinet, you will explore:

The components of an effective cybersecurity strategy that drive your program and reduce risk
Strategies that ensure the major building blocks of your IT transformation are secured
Ways to evolve your cybersecurity strategy to align with line of business goals

9:30am - 10:15am Executive Boardroom

Securing Sprawl – Mitigating Risk

Karl Mattson

CISO

Noname Security

As business and technology teams drive cloud adoption and implement modern application architectures, the security vulnerabilities of the sprawling IT stack multiply as visibility dwindles. Now is the time to explore new applications and API security strategies to proactively reduce risk, secure the environment, and capitalize on cloud-native capabilities to meet these challenges.

Join this boardroom hosted by Noname Security to discuss:

Establishing effective vulnerability management and application security programs
Moving from a reactive to a proactive security posture
API governance and security challenges and opportunities

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

9:30am - 10:15am Executive Boardroom

Combatting Advanced Threats From the Inside

Tom Clavel

Director of Security Products and Solutions

ExtraHop

Richard McClellan

Head of Information Security and Compliance

Sana Biotechnology

Based on Gartner research, 75 percent of cybersecurity budgets go to preventing initial intrusion and only 25 percent on detection and mitigation. However, the real damage to the enterprise happens once the attacker is already inside the network, working their way toward carrying out a costly breach or extortion.

Join this boardroom to discuss:

Key areas to reduce cyber risk and build resilience
The advanced attack techniques that bad actors are forced to rely on and how to spot them
Strategies to increase the speed of detection and mitigation

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

10:15am - 10:45am Networking Break

10:20am - 10:45am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45am - 11:30am Breakout Session

Benchmarking your Security Operations Center

Harry O’Laughlin

CISO

State of California - California Department of Insurance

Outsource? Insource? A hybrid model? Finding the right processes and design for an effective Security Operations Center (SOC) is a complex leadership challenge weaving technology, budget, talent management and, of course, risk. In this interactive session, learn what peers are doing and what questions you should be asking yourself – and other senior leaders – to ensure your SOC is up to par.

10:45am - 11:30am Breakout Session

Security Service Edge (SSE) — Security is a Team Sport

James Christiansen

VP, CSO Cloud Security Transformation

Netskope

Building trust and reliance across technology and security teams is key to defending the enterprise. As security stacks incorporate Security Service Edge (SSE) to sustain the SASE journey, the partnership between CIOs, CISOs, and their teams is more important than ever.

Join this session, hosted by Netskope, to learn about:

Best practices for IT and security collaboration
Communicating the importance of SSE to your CEO and Board
Improving internal stakeholder relationships to fuel business outcomes

10:45am - 11:30am Executive Boardroom

Zero Trust – Hype or Hope?

Anthony Aurigemma

VP, IBM Security Sales

IBM

Jitendra Joshi

Director Cybersecurity

Grant Thornton

Todd Dekkinga

CISO

Airgap Networks

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicates the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom hosted by IBM to discuss:

The broader definition of what a zero trust framework is
The foundational control required to build a zero trust program
Strategies for improving the user experience and proving value to get organization-wide acceptance

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

10:45am - 11:30am Executive Boardroom

The Indispensable Human Element of Cybersecurity

Jon Anderson

Director of Systems Engineering

SentinelOne

Mahesh Ayyala

Director of Security

Square

Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element.

Join this session hosted by SentinelOne to discuss:

What these trends mean for the hands-on practitioner
When velocity of innovation outpaces the capabilities of human intellect
The role of automation in the effective practice of securing our digital world

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

11:30am - 11:40am Break

11:30am - 12:30pm Lunch Service

12:30pm - 1:05pm Keynote

Third-Party Cyber Risk — Zero-Day Findings and Mitigation

Adam Bixler

Global Head of Third Party Risk Management

BlueVoyant

Mahesh Ayyala

Director of Security

Square

Managing distributed risk is today’s defining cybersecurity challenge. Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier, and partner ecosystem is now your enterprise attack surface.

Join this keynote session hosted by BlueVoyant to learn:

How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners
Approaches to identify, prioritize, and mitigate active threats and critical/zero-day vulnerabilities
Strategies to reduce supply chain/external ecosystem risk associated with zero-day

1:05pm - 1:20pm Break

1:20pm - 2:05pm Breakout Session

Taking a Risk Based Approach to Data Governance

Nezha Bennouna Nickerson

Senior Director of Cybersecurity

SoFi

Shadaab Kanwal

Executive Leader MD - Digital, Data, and Analytics Services

Charles Schwab

Data is the primary target in virtually every breach scenario – and protecting data gets harder every day. Mix overly provisioned access rights with a plethora or unknown risks, it is no wonder why data stores are so difficult to control and so susceptible to attack. How can CISOs approach a problem that is so big and complex?

1:20pm - 2:05pm Breakout Session

Your Security Analysts are Leaving – Here’s Why

Eoin Hinchy

Co-founder & CEO

Tines

Understaffed teams, inefficient processes, alert overload — this is a typical day for a SOC team. The result? Analysts so consumed with tedious, repetitive tasks leading not only to higher risk of burnout, but also human error that could cost millions.

Join this data-driven session, hosted by Tines, to:

Learn the tasks consuming the most time, plus the top 3 tasks analysts enjoy least
Understand what prevents security teams from doing their best work
Break down causes of burnout and how to improve retention

1:20pm - 2:05pm Executive Boardroom

Software Supply Chain Management Hygiene

Andrew Yorra

VP of Strategy

Sonatype

Michael McAlpen

Head of Global Security, Compliance and Fraud

8x8

Software hygiene practices are like handwashing prior to surgery: at one point laughable, now an essential and integral step prior to every procedure. Why are organizations still not putting enough focus on adopting essential software hygiene practices for supply chain management, even though they know they should?

Join this roundtable session hosted by Sonatype to discuss:

Encouraging developers to adopt a set of security and governance daily routines
Overcoming the knowledge sharing gap between Security, Developer, and IT Operations
Positioning software hygiene as a practice that generates not simply risk value, but revenue value

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

1:20pm - 2:05pm Executive Boardroom

Leading in Cyber-Crisis — Business as Usual vs. Business Disruption?

Eldon Sprickerhoff

Chief Security Strategist and Founder

eSentire

Sandeep Sharma

Principal Security Architect

Blue Shield of California

Despite the millions of dollars extorted in ransomware attacks each year, leaders outside security still sometimes struggle to understand cyber risks beyond what fits into a morning news alerts, leaving security leaders struggling to explain complex topics to their non-technical peers. While most CISOs feel comfortable managing the minor security incidents with standardized processes, what about major incidents that shake the very foundation of your organization?

Join this boardroom hosted by eSentire to discuss making critical decisions in the chaotic atmosphere of a cyberattack. You'll leave with insights and advice on:

New challenges in regulatory compliance, ransom payments and legal liability
Best practices for strategic communication across the organization
Lessons learned and examples from attacks that didn't make the headlines

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

2:05pm - 2:35pm Networking Break

2:10pm - 2:35pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:35pm - 3:20pm Breakout Session

Pen Test your Board Pitch – An Interactive Exercise

Leda Muller

CISO/Assistant Director of Support Services

Stanford University

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch — and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

2:35pm - 3:20pm Breakout Session

Achieving Modern Resilience — Rising to the Challenges of Tomorrow

Tim Wade

Deputy CTO

Vectra

David Tugwell

Senior Director, Information Security/CISO

Agilent Technologies

Krishnan Chellakarai

Head of Information Security & Data Privacy (CISO)

Gilead Sciences

Brian Watson

Head of Executive Leadership Programs

Vectra

In this upside-down world, only the resilient will survive. Unsurprisingly, forward thinking leaders are relentlessly pursuing resilience – resilience in the face of motivated cyber-threats, resilience in the face of supply chain and operational risks, resilience in the face of an evolving, volatile technology landscape. If you’re on that journey yourself, maintain confidence – it may feel difficult, but you’re not alone.

Join a panel of executive peers and leaders, hosted by Vectra, who will discuss:

What resiliency means to their organization and how they prioritize achieving it
How they measure success, and both confront and learn from failure
The risks they see on the horizon and their position on effective preparation

2:35pm - 3:20pm Executive Boardroom

The Art of Communicating Risk to the Business

Ajay Wadhwa

CISO

State of California - California Insurance Compensation Fund

Harry O’Laughlin

CISO

State of California - California Department of Insurance

To quantify how they are reducing risk for the business and where to strategically invest, security leaders need effective, actionable metrics. These measures are essential to communicating effectively with the Board and other executive stakeholders.

Join this roundtable discussion hosted by ReliaQuest to gain insight into how your peers are:

Making informed investment decisions
Communicating risk to the business at large
Using data to tell a story to non-technical audiences

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

2:35pm - 3:20pm Executive Boardroom

The State of Threat Detection — Actionable Insights and Adversary Techniques

Cordell BaanHofman

General Manager, Red Canary + Microsoft Security

Red Canary

Jeff Roberts

CISO

American Eagle Outfitters

Staying ahead of the countless, persistent and often well-funded threat actors is a daunting task. A fast-moving security program can mean the difference between preventing a breach or becoming the next headline, but knowing where and how to prioritize efforts and resources can be just as challenging. What are CISOs doing to ensure their threat intelligence programs are on the right track for 2022 and beyond?

Join this peer roundtable hosted by Red Canary to discuss:

The latest threat landscape, including emerging threats and the most prevalent techniques
Best practices for detecting, mitigating and simulating attacks
How to test and validate defenses against common adversary behaviors

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com.

3:20pm - 3:35pm Networking Break

3:35pm - 4:10pm Keynote

Stress in Security — An Insidious Insider Threat

Devin Ertel

Chief Information Security Officer

Menlo Security

Jitendra Joshi

Director Cybersecurity

Grant Thornton

Ajay Wadhwa

CISO

State of California - California Insurance Compensation Fund

Within the security function, stress is a given. Between managing vulnerabilities, implementing new solutions, and navigating governance and company-wide risk assessments, it’s not a surprise that security professionals - and especially CISOs - are experiencing such high levels of burnout. What can security leaders do to better support the wellbeing of their teams and ensure their best line of defense against attacks stays strong?

Join this session to hear from a panel of security leaders on:

How to model the work/life balance you want to see on your team
Ways to implement your employee wellbeing strategy
Why trust and openness with your team is key to their mental health

4:10pm - 4:40pm Closing Reception & Prize Drawing

May 9, 2022

afternoon

May 10, 2022

morning mid-afternoon afternoon

We look forward to seeing you at an upcoming in-person gathering

Location

Venue & Accommodation

San Francisco Marriott Marquis

MORE INFORMATION

A block of rooms has been reserved at the San Francisco Marriott Marquis at a reduced conference rate. Reservations should be made online or by calling (888) 575-8934.

Deadline to book using the discounted room rate of $190 USD (plus tax) is April 25, 2022.

RESERVE ROOM